| Vulnerability Name: | CVE-2002-1153 (CCN-10140) | ||||||||
| Assigned: | 2002-09-19 | ||||||||
| Published: | 2002-09-19 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: IBM eFix (APAR): PQ62144 Large header can cause webserver to crash Source: CONFIRM Type: Exploit, Patch, Vendor Advisory ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt Source: CCN Type: VulnWatch Mailing List, Thu Sep 19 2002 - 03:51:20 CDT KPMG-2002035: IBM Websphere Large Header DoS Source: MITRE Type: CNA CVE-2002-1153 Source: BUGTRAQ Type: UNKNOWN 20020919 KPMG-2002035: IBM Websphere Large Header DoS Source: CCN Type: IBM Web site PQ62144, 4.0.3: Possible security exposure with web servers plugin Source: XF Type: Vendor Advisory websphere-host-header-bo(10140) Source: OSVDB Type: UNKNOWN 2092 Source: CCN Type: OSVDB ID: 2092 IBM WebSphere HTTP Request Header Remote Overflow Source: BID Type: UNKNOWN 5749 Source: CCN Type: BID-5749 IBM WebSphere Large HTTP Header Buffer Overflow Vulnerability Source: CCN Type: BID-575 Solaris sdtcm_convert File Creation Vulnerability Source: XF Type: UNKNOWN websphere-host-header-bo(10140) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||